<?php

# Session start
session_name('SID');
session_start();

class module {
	
	var $zam;
	
	function main()
	{				
		switch ($this->zam->data['get']['app'])
		{
			default:
			case 'basicauth':
				$this->login();
				break;
			case 'recovery':
				$this->lost_password();
				break;
			case 'checkem':
				$this->checkemail();
				break;
		}
	}
	
	#==================================
	# Login
	#==================================
	function login()
	{
		if ( ( !empty( $this->zam->data['post']['username'] ) ) or ( !empty( $this->zam->data['post']['password'] ) ) )
		{
			# Retrieve salt
			$result = $this->zam->sql->construct( array(
				'action'	=>	'select',
				'fields'	=>	'pass_salt',
				'db'		=>	constant('DB_MEMBERS'),
				'where'		=>	"username = '{$this->zam->data['post']['username']}'",
				'limit'		=>	1
			) );
			
			$s = $this->zam->sql->fetch();
			$salt = $s['pass_salt'];
			
			$where = sprintf("m.username = '%s' AND m.passhash = '%s' AND g.can_login = 1",
				$this->zam->data['post']['username'],
				sha1( md5( $this->zam->data['post']['password'] . $salt ) )
			);
			
			$result2 = $this->zam->sql->construct( array(
				'action'	=>	'select',
				'fields'	=>	'm.*, g.gid',
				'db'		=>	constant('DB_MEMBERS') . ' m',
				'join'		=>	constant('DB_GROUPS') . ' g ON(g.gid = m.mgroup)',
				'where'		=>	$where,
				'limit'		=>	1
			) );
			
			# Valid login?
			if ( $this->zam->sql->num_rows( $result2 ) == 1 )
			{
				# Set cookies
				$member = $this->zam->sql->fetch($result2);
				$this->zam->sess->setcookie('mid', $member['id'], (60 * 60 * 24));
				$this->zam->sess->setcookie('passhash', $member['passhash'], (60 * 60 * 24));
				$this->zam->sess->setcookie('loginkey', $member['login_key'], (60 * 60 * 24));
				
				# Update session
				$this->zam->sess->setsession( array(
					'member_id'	=>	$member['id'],
					'suser'		=>	$member['username']
				) );
				
				$result3 = $this->zam->sql->construct( array(
					'action'	=>	'update',
					'db'		=>	constant('DB_MEMBERS'),
					'set'		=>	array( 'logindate' => time() ),
					'where'		=>	"id = '{$member['id']}'"
				) );
				
				# Redirect
				header("Location: {$this->zam->url}profile");
			}
			else
			{
				# Error
				$this->zam->skin->set_vars( array(
					'title'		=>	'Login',
					'head'		=>	$this->zam->tags->stylesheet('main.css'),
					'error'		=>	1,
					'subtemp'	=>	'index.tpl',
					'online'	=>	'-----'
				) );
			
				$this->zam->skin->display('template.tpl');
			}
		}
		else
		{
			# Error
			$this->zam->skin->set_vars( array(
				'title'		=>	'Login',
				'head'		=>	$this->zam->tags->stylesheet('main.css'),
				'error'		=>	1,
				'subtemp'	=>	'index.tpl',
				'online'	=>	'-----',
			) );
			
			$this->zam->skin->display('template.tpl');
		}
	}
	
	#==================================
	# Lost username/password recovery
	#==================================
	function lost_password()
	{
		if ( !$this->zam->data['post']['recover'] )
		{
			$this->zam->skin->set_vars( array(
				'title'		=>	'Recovery',
				'head'		=>	$this->zam->tags->script('prototype.js') . $this->zam->tags->script('checkemail.js'),
				'subtemp'	=>	'recovery.tpl'
			) );
		}
		else
		{
			$result = $this->zam->sql->construct( array(
				'action'	=>	'select',
				'fields'	=>	'email',
				'db'		=>	constant('DB_MEMBERS'),
				'where'		=>	"email = '{$this->zam->data['post']['email']}'",
				'limit'		=>	1
			) );
			
			if ( ( empty($this->zam->data['post']['email']) ) or ( $this->zam->sql->num_rows($result) == 0 ) )
			{
				$emerror = '<img src="./images/error.png" alt="" /> Invalid email';
				$error = true;
			}
			else
			{
				$emerror = '<img src="./images/ok.png" alt="" />';
				$error = false;
			}
			
			if ( $this->zam->data['post']['captcha'] != $_SESSION['captcha'] )
			{
				$codeerror = '<img src="./images/error.png" alt="" /> Invalid code';
				$error = true;
			}
						
			if ( $error )
			{
				$this->zam->skin->set_vars( array(
					'title'		=>	'Recovery',
					'head'		=>	$this->zam->tags->script('prototype.js') . $this->zam->tags->script('checkemail.js'),
					'subtemp'	=>	'recovery.tpl',
					'emerror'	=>	$emerror,
					'codeerror'	=>	$codeerror,
					'user'		=>	$this->zam->data['post'],
				) );
			}
			else
			{
				$result = $this->zam->sql->construct( array(
					'action'	=>	'select',
					'fields'	=>	'email, username, login_key',
					'db'		=>	constant('DB_MEMBERS'),
					'where'		=>	"email = '{$this->zam->data['post']['email']}'",
					'limit'		=>	1
				) );
				
				$user = $this->zam->sql->fetch();
				
				$message = "Here is your recovered information from Zameleon:<br />\n<br />\nUsername: {$user['username']}<br />\nPassword: {$this->zam->url}login?app=resetpass&authkey={$user['login_key']}<br />\n<br />\nSincerely,<br />\nZameleon Support Team";
				$this->zam->email->send( $this->zam->data['post']['email'], 'Zameleon username/password recovery', $message );
				
				$this->zam->skin->set_vars( array(
					'title'		=>	'Recovery',
					'content'	=>	"Your login information has been sent to your email: {$user['email']}."
				) );
			}
		}
		
		$this->zam->skin->display('template.tpl');
	}
	
	#==================================
	# Ajax check email
	#==================================
	function checkemail()
	{
		$result = $this->zam->sql->construct( array(
			'action'	=>	'select',
			'fields'	=>	'email',
			'db'		=>	constant('DB_MEMBERS'),
			'where'		=>	"email = '{$this->zam->data['get']['em']}'",
			'limit'		=>	1
		) );
		
		print ( $this->zam->sql->num_rows($result) == 1 ) ? 1 : 0;
	}	
}

?>